Skip to main content

Microsoft CVE-2026-30302

| EUVDEUVD-2026-16670 CRITICAL
OS Command Injection (CWE-78)
2026-03-27 mitre
10.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 27, 2026 - 16:00 euvd
EUVD-2026-16670
Analysis Generated
Mar 27, 2026 - 16:00 vuln.today
CVE Published
Mar 27, 2026 - 00:00 nvd
CRITICAL 10.0

DescriptionCVE.org

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based shell-quote library) to analyze commands on the Windows platform, coupled with a failure to correctly handle Windows CMD-specific escape sequences (^). Attackers can exploit this discrepancy between the parsing logic and the execution environment by constructing payloads such as git log ^" & malicious_command ^". The CodeRider-Kilo parser is deceived by the escape characters, misinterpreting the malicious command connector (&) as being within a protected string argument and thus auto-approving the command. However, the underlying Windows CMD interpreter ignores the escaped quotes, parsing and executing the subsequent malicious command directly. This allows attackers to achieve arbitrary Remote Code Execution (RCE) after bypassing what appears to be a legitimate Git whitelist check.

AnalysisAI

CodeRider-Kilo's command auto-approval module fails to correctly parse Windows CMD escape sequences (^), allowing attackers to bypass its Git command whitelist and achieve arbitrary remote code execution. The vulnerability exploits a mismatch between the Unix-based shell-quote parser used for validation and the actual Windows CMD interpreter behavior, enabling attackers to inject malicious commands through crafted payloads such as git log ^" & malicious_command ^". No public exploit code or active exploitation has been confirmed at the time of analysis.

Technical ContextAI

CodeRider-Kilo implements a command auto-approval security module that uses the Unix-based shell-quote library to parse and whitelist commands before execution on Windows platforms. The root cause is CWE-78 (Improper Neutralization of Special Elements used in an OS Command, aka OS Command Injection). The vulnerability stems from a fundamental incompatibility: the shell-quote parser correctly interprets the caret (^) character as an escape sequence in Unix contexts, but Windows CMD.exe has different escape semantics. When the parser encounters git log ^" in a validation context, it treats the escaped quote as a protected character and fails to recognize the subsequent & operator as a command connector, thus approving the entire command. However, Windows CMD.exe ignores the escaped quotes and correctly parses the & as a logical AND operator, executing the injected malicious command. This parser-execution environment mismatch allows complete bypass of whitelist controls.

RemediationAI

Immediate action required: apply vendor-supplied patch when available from the CodeRider-Kilo development team, noting that no specific patched version number is provided in current intelligence. The fundamental fix is to replace the Unix-based shell-quote parser with a Windows CMD-aware command parser that correctly handles Windows-specific escape sequences (^, ", ^&, etc.) and re-validate all whitelist logic against the actual execution interpreter semantics. Until a vendor patch is released, implement compensatory controls: restrict execution of the auto-approval module to trusted internal networks only, disable auto-approval functionality if possible and require manual review for all commands, and audit all executed commands through CodeRider-Kilo against an external security baseline. Consult the GitHub issue at https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/3 for vendor guidance and timeline.

Share

CVE-2026-30302 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy